$AZA Token Bridge
The ⋀ ($AZA) token is an ERC20 smart contract deployed on the Ethereum Mainnet.
While the long-term goal of Azarus is to build a fully decentralized platform, we realize that the technology is not mature enough to seamlessly onboard an audience of 4 billion stream viewers. There are still significant challenges on the user experience and security front, and as a consequence, we decided to focus on safety and ease of use as our primary objectives for the platform, while tethering value and ownership to Ethereum Mainnet.
The architecture is based on a set of assumptions and/or observations:
Bridges are holding a lot of value, and hence will always be a strong attack vector.
Bridge technology is immature, and always relies on oracles.
Centralized oracles can be hacked (cf. Axie's hack).
Decentralized oracles sound great, but only if a high level of decentralization can be achieved and maintained.
Upgradeable contracts are a risk.
Multisig Wallets are mature and safe - exploits come from user mistakes. A proper process combined with a Gnosis Safe can be trusted.
Amazon AWS KMS is a trusted method to generate and use a private key in a hardware wallet, never exposing the key to anything except a whitelisted microservice. Because the service has no API, no I/O in general, and runs in a serverless environment, it is reasonable to assume that this oracle and its private key will be safe, provided the code receives a sufficient quality review (i.e. no backdoor, and no critical data ever printed in the service logs).
There will be bugs, and there will be issues. As a company and as a steward of the token and the platform, we need to have the ability to notice, react and fix problems as fast as possible.
The diagram below provides an overview of the architecture built using "safe" components and processes.
There are 2 main multisig wallets involved in day-to-day operations.
The Master Safe is the main wallet holding all the unvested tokens. This Safe is under the responsibility of Azarus' board of directors. Directors can operate the safe according to the board's decisions. 3 signatures are required. The safe is able to transfer tokens and call contracts.
The Bridge Safe holds the ⋀ sent to Azarus L2. Only one signature is required to operate it, but only 2 signatories are available: the Master Safe and the Oracle. Through the Master Safe, 3 signatures from directors can update the oracle's address, and access the tokens should there be a need to fix an issue with the bridge. The Oracle can transfer tokens out of the bridge to user wallets.
The Deposit contract is built on top of OpenZeppelin's contracts and is pausable by the Master Safe. The User must first authorize the Deposit contract and then call the deposit(address l2Address, uint amount) function.
Upgrading the contract implies pausing it, deploying a new contract and updating the contract address on the frontend.
On the Azarus dashboard, in order to deposit ⋀ to their account, users must:
1. Connect their wallet of choice using WalletConnect.
2. Select the amount they want to transfer, and review the fee breakdown.
3. Click the "Authorize" button, and authorize the deposit contract to transfer the amount of ⋀ (if necessary) - The user pays gas, and receives a txid.
4. Wait until #3 is processed by the network.
5. Click the deposit button which will call the deposit contract on the deposit function - The user pays gas, and receives a txid.
6. Wait until #5 is processed by the network.
7. ⋀ is added to their account.
On the Azarus dashboard, Users can find a section to send their token to a wallet.
A prerequisite to being able to operate a transfer is being "Verified," meaning the User has a valid KYC less than 1 year old.
A verified user will:
Input an Ethereum address or ENS, and select an amount of ⋀ to transfer.
Review the fee structure and confirm the amount of ⋀ they'll effectively receive in their wallet.
Receive an OTP code to confirm the transaction.
⋀ are removed from their account - they receive a txid to track the deposit.
⋀ are added to the target address.
While we embrace volatility in markets, we believe that keeping the token usable and its value understandable by the general public is essential.
We strive to have the value of ⋀ on L2 track an average of its trading value on exchanges over a window, the "rate-watch window". The rate is updated at regular intervals, initially daily (or shorter based on trading volume and usage).
To keep the Azarus platform safe and prevent abuse that could emerge from the value of ⋀ fluctuating too much and too fast (e.g., buying $4 of ⋀ and redeeming it for a $5 gift card in the store, resulting in crypto arbitrage), we'll be adopting a fee structure for deposits/withdrawals as follows:
Gas fees: billed at the current ⋀ L2 rate
Balancing fees: Ideally, 0 for both withdrawals/deposits, but will increase to cover the spread between L2 ⋀ and L1 ⋀. This fee will be burnt.
Transaction fees: 2% of the total amount on both withdrawals and deposits with a minimum of ⋀8 and a maximum of ⋀20. Fund usage will be defined by the board. Currently, this fee is deposited in the ecosystem fund. Fees are subject to change based on market evolution.
In addition to token transfers, Azarus will provide FIAT onramp/offramp capabilities through partners, with direct deposit to/from the user account.
Partners are still being evaluated.
In order to ensure stability and security of the platform, the Azarus platform will be monitoring:
The difference between L1 ⋀ in the bridge and the sum of all L2 ⋀ in all wallets. Too high a spread will cause an alert and the oracle to pause. If the situation does not stabilize, the bridge's address will be self-removed from the Bridge Safe, and a member of the Ops team along with the Directors will need to redeploy a bridge with a new key.
If the difference between L1 ⋀ and L2 ⋀ value moves more than 20% during the "rate-watch window", withdrawals and deposits will be suspended until the directors confirm the activity is legitimate.
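The two monitoring rules above can be expressed as one decision function. This is an added sketch, not Azarus code. Only the 20% figure comes from the page; the supply-spread tolerance, the number of failed checks treated as "does not stabilize", the reading of the second rule as "latest L1 price versus the window average", and all names and sample values are assumptions.

```python
from decimal import Decimal
from enum import Enum

class Action(Enum):
    OK = "ok"
    PAUSE_ORACLE = "pause_oracle"            # supply spread too high
    REMOVE_ORACLE = "remove_oracle_signer"   # spread did not stabilize
    SUSPEND_TRANSFERS = "suspend_transfers"  # L1/L2 value gap above 20%

MAX_RATE_MOVE = Decimal("0.20")      # the 20% figure from the page
MAX_SUPPLY_SPREAD = Decimal("0.01")  # assumed tolerance (page: "too high a spread")
MAX_BAD_CHECKS = 3                   # assumed limit for "does not stabilize"

def supply_spread(bridge_balance, l2_balances):
    """Relative gap between L1 tokens in the Bridge Safe and total L2 balances."""
    l2_total = sum(l2_balances.values(), Decimal(0))
    if l2_total == 0:
        return Decimal(0) if bridge_balance == 0 else Decimal("Infinity")
    return abs(bridge_balance - l2_total) / l2_total

def rate_move(l1_prices):
    """Gap between the latest L1 price and the window average used as L2 rate."""
    if not l1_prices:
        raise ValueError("rate-watch window has no price samples")
    l2_rate = sum(l1_prices, Decimal(0)) / len(l1_prices)
    return abs(l1_prices[-1] - l2_rate) / l2_rate

def evaluate(bridge_balance, l2_balances, l1_prices, bad_checks=0):
    """One monitoring cycle: returns (action, consecutive failed supply checks)."""
    if supply_spread(bridge_balance, l2_balances) > MAX_SUPPLY_SPREAD:
        bad_checks += 1
        if bad_checks >= MAX_BAD_CHECKS:
            return Action.REMOVE_ORACLE, bad_checks
        return Action.PAUSE_ORACLE, bad_checks
    if rate_move(l1_prices) > MAX_RATE_MOVE:
        return Action.SUSPEND_TRANSFERS, 0
    return Action.OK, 0

# Constructed sample data (not real balances or prices).
LEDGER = {"user-a": Decimal("600"), "user-b": Decimal("400")}
STABLE = [Decimal("0.10"), Decimal("0.10"), Decimal("0.11")]
SPIKE = [Decimal("0.10"), Decimal("0.10"), Decimal("0.10"), Decimal("0.16")]

if __name__ == "__main__":
    print(evaluate(Decimal("1000"), LEDGER, STABLE))    # balanced, calm market
    print(evaluate(Decimal("900"), LEDGER, STABLE))     # 100 tokens unaccounted for
    print(evaluate(Decimal("900"), LEDGER, STABLE, 2))  # third failed check in a row
    print(evaluate(Decimal("1000"), LEDGER, SPIKE))     # price jumped inside window
```

The supply check runs first because a mismatch between bridge holdings and L2 balances points at the bridge itself, while a price move only affects whether transfers stay open.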